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1.1 MAC Access Table Configuration Commands 


The MAC access list configuration commands include: 
e mac access-list 

e permit 

e deny 


e mac access-group 


1.1.1 mac access-list 


Syntax 


To add or cancel a MAC access list, run the following command. 


[no] mac access-list name 


Parameters 


Parameters Description 


name MAC: Name of the MAC access list 


Default Value 


When there is a rule in the access list, an item- deny any any- will be added to the 
end by default and the item will not show. 


Command Mode 

Global configuration mode 
Usage Guidelines 

This command is run in global configuration mode. 
Example 


The following example shows how to configure a mac-acl MAC access list. 


Switch-config# mac access-list mac-acl 
Switch-config-macl# 
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1.1.2 permit 
Syntax 
To add or cancel an item to or from the MAC access list, run the following 
command. To return to the default setting, use the no form of this command. 
[no] permit {any | host src-mac-addr | src-mac-addr src-mac-mask } [any | 
host dst-mac-addr | dst-mac-addr dst-mac-mask][ {arp | ip } [[any | 
src-ip-addr] [any | dst-ip-addr ]] | ethertype] 
Parameters 
Parameters Description Value Range 
any Any value = 
host Chassis a 
src-mac-addr Stands for source MAC address H.H.H 
src-mac-mask Stands for source mac mask H.H.H 
dst-mac-addr Stands for destination MAC address | H.H.H 
dst-mac-mask Stands for destination mac mask H.H,H 
arp Stands for matched arp packets om 
Ip Stands for matched IP packets _ 
src-ip-addr Stands for source IP address A.B.C.D 
dst-ip-addr Stands for the destination IP address | A.B.C.D 
ethertype Type of the matched Ethernet packet | 0x0600-OxFFFF 


Default Value 


If no entry is configured, the command cannot be functioned under the interface; if 
the entry is configured and there is no permit any any, a deny any any will be 
added automatically. That is to say, flow without matching any item will be dropped. 


Usage Guidelines 
This command is running in MAC access list configuration mode. 
Example 


The following example shows how to set the MAC address of a host to 
1234.5678.abcd. 


Switch_config# mac access-list al-test 


Switch-config-macl#permit host 1234.5678.abcd any 
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1.1.3. deny 
Syntax 
To add an item rejected by the MAC access list, run the following command. To 
return to the default setting, use the no form of this command. 
[no] deny {any | host src-mac-addr | src-mac-addr src-mac-mask } [any | host 
dst-mac-addr | dst-mac-addr dst-mac-mask][ {arp | ip } [[any | src-ip-addr] 
[any | dst-ip-addr ]] | ethertype] 
Parameters 
Parameters Description Value Range 
any Any value = 
host Chassis -_ 
src-mac-addr Stands for source MAC address H.H.H 
src-mac-mask Stands for source mac mask H.H.H 
dst-mac-addr Stands for destination MAC address | H.H.H 
dst-mac-mask Stands for destination mac mask H.H,H 
arp Stands for matched arp packets _ 
ip Stands for matched ip packets 
src-ip-addr Stands for source IP address A.B.C.D 
dst-ip-addr Stands for the destination IP address | A.B.C.D 
ethertype Type of the matched Ethernet packet | Ox0600-OxFFFF 


Default Value 


If no entry is configured, the command cannot be functioned under the interface; if 
the entry is configured and there is no permit any any, a deny any any will be 
added automatically. That is to say, flow without matching any item will be dropped. 


Command Mode 
This command is running in MAC access list configuration mode. 
Example 
The following example shows how to reject a host whose MAC address is 


1234.5678.abcd. 


Switch_config# mac access-list al-test 
Switch-config-macl#deny host 1234.5678.abcd any 
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1.1.4 mac access-group 


Syntax 


To apply the established MAC access list to an interface or in the global mode or 
cancel a MAC access list which is already applied to an interface or in the global 
mode, run the previous command. 

Global: 

mac access-group name [egress |_ vian {word | add word | remove word}] 
[no] mac access-group name [egress | vlan ] 


Port: 


[no] mac access-group name [egress] 


Parameters 
Parameters Description 
name MAC: Name of the MAC access list 
egress THE ACCESS LIST IS APPLIED IN EGRESS. 
vlan THE ACCESS LIST IS APPLIED IN INGRESS. 
word VLAN RANGE TABLE 
add ADD VLAN RANGE TABLE 
remove DELETE VLAN RANGE TABLE 


Default Value 

No MAC access list is applied to an interface. 
Command Mode 

Global configuration mode, interface configuration mode 
Usage Guidelines 


This command is configured in PON interface or the uplink interface configuration 
mode or the interface configuration mode. If there is no access list, an access list 
with the empty rule will be created. 


Example 
The following example shows how to configure the macacl MAC access list on 


interface gpon0/1. 
Switch_config# interface gp0/1 
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Switch_config_gpon01# mac access-group macacl 


